CVE-2024-8955

High CVSS: 7.5

A Server-Side Request Forgery (SSRF) vulnerability exists in composiohq/composio version v0.4.4. This vulnerability allows an attacker to read the contents of any file in the system by exploiting the BROWSERTOOL_GOTO_PAGE and BROWSERTOOL_GET_PAGE_DETAILS actions.

Vendor

Composio

Product

Composio

CWE

CWE-918

Yayın Tarihi

2025-03-20 10:15:45

Güncelleme

2025-10-15 13:15:56

Source Identifier

security@huntr.dev

KEV Date Added

Kategoriler

CWE-918 Composio HIGH Composio 2025

Referanslar

https://huntr.com/bounties/13bc0399-2d9b-449e-95f2-6e9a7e39383d

Benzer Kayıtlar

High

CVE-2025-56427

Directory Traversal vulnerability in ComposioHQ v.0.7.20 allows a remote attacker to obtain sensitive information via th…

Critical

CVE-2024-8958

In composiohq/composio version 0.4.3, there is an unrestricted file write and read vulnerability in the filetools action…

High

CVE-2024-8952

A Server-Side Request Forgery (SSRF) vulnerability exists in composiohq/composio version v0.4.2, specifically in the /ap…

Critical

CVE-2024-8953

In composiohq/composio version 0.4.3, the mathematical_calculator endpoint uses the unsafe eval() function to perform ma…

Critical

CVE-2024-8954

In composiohq/composio version 0.5.10, the API does not validate the `x-api-key` header's value during the authenticatio…

Medium

CVE-2024-53526

composio >=0.5.40 is vulnerable to Command Execution in composio_openai, composio_claude, and composio_julep via the han…